package com.one.rope.mvp.web.config;

import com.one.rope.mvp.web.common.filter.AdminUserLoginFilter;
import com.one.rope.mvp.web.common.filter.AdminUserLogoutFilter;
import com.one.rope.mvp.web.common.filter.UserLoginFilter;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.LinkedHashMap;

/**
 * @author Weijian.liu
 * @desc Shiro基础权限配置
 * @date 2018/12/18
 */
@Configuration
public class ShiroConfig {

  private Logger logger = LoggerFactory.getLogger(ShiroConfig.class);

  /**
   * 将自己的验证方式加入容器
   */
  @Bean
  public MyShiroRealm getCommonShiroRealm() {
    MyShiroRealm myShiroRealm = new MyShiroRealm();
    return myShiroRealm;
  }

  //权限管理，配置主要是Realm的管理认证
  @Bean
  public SecurityManager securityManager() {
    DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    securityManager.setRealm(getCommonShiroRealm());
    return securityManager;
  }

  /**
   * Filter工厂，设置对应的过滤条件和跳转条件
   */
  @Bean
  public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
    ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
    // 必须设置 SecurityManager
    shiroFilterFactoryBean.setSecurityManager(securityManager);
    shiroFilterFactoryBean.setLoginUrl("/unauthorized");
    shiroFilterFactoryBean.setUnauthorizedUrl("/forbidden");

    // 配置访问拦截
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/swagger-ui.html", "anon");
    filterChainDefinitionMap.put("/doc.html", "anon");
    filterChainDefinitionMap.put("/webjars/**", "anon");
    filterChainDefinitionMap.put("/webjars/springfox-swagger-ui/**", "anon");
    filterChainDefinitionMap.put("/v2/**", "anon");
    filterChainDefinitionMap.put("/swagger-resources/**", "anon");
    filterChainDefinitionMap.put("/static", "anon");

    filterChainDefinitionMap.put("/admin/login", "anon");
    filterChainDefinitionMap.put("/admin/api/**", "adminauthc");
    filterChainDefinitionMap.put("/admin/logout", "adminlogout");

    filterChainDefinitionMap.put("/user/auth/login", "anon");
    filterChainDefinitionMap.put("/user/api/**", "userauthc");

    AdminUserLogoutFilter adminUserLogoutFilter = new AdminUserLogoutFilter();
    AdminUserLoginFilter adminUserLoginFilter = new AdminUserLoginFilter();
    UserLoginFilter userLoginFilter = new UserLoginFilter();
    shiroFilterFactoryBean.getFilters().put("adminauthc", adminUserLoginFilter);
    shiroFilterFactoryBean.getFilters().put("adminlogout", adminUserLogoutFilter);
    shiroFilterFactoryBean.getFilters().put("userauthc", userLoginFilter);

    shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    return shiroFilterFactoryBean;
  }

  /**
   * 启用注解
   */
  @Bean
  public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(
      SecurityManager securityManager) {
    logger.warn("开启了shiro注解功能!");
    AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
    authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
    return authorizationAttributeSourceAdvisor;
  }
}
